Solved

Remote access and secure data exchange

Posted on 2013-06-21
Last Modified: 2013-06-24
Hi guys
Hope you can help me out. I'm looking for some guidance on the following scenario.
My company recently went into partnership with a company that has Point of Sale systems and servers. My company wants to retrieve data on the POS and servers and connect the figures to our financial system at headquarters.

Issue number 1: We currently do not have control of the POS and servers. We do not manage software, anti-virus, patching, etc. on those machines, as they are managed by other consultants.
Our application guys just want to create a VPN between sites and allow those systems to communicate through our firewall over specific ports. I don't think this is the best way to proceed.

Issue number 2: Headquarters want to access the POS to manage or troubleshoot systems on occasion. Would GotoAssist, NetSupport or WebEx be secure viable solutions for this?

Thank you in advance for your help. Any guidance from people that went through these types of things would relieve some stress over here...

CP
0
Question by:CProp
 
LVL 16

Assisted Solution

by:Michael Ortega (Internetwerx, Inc.)
Michael Ortega (Internetwerx, Inc.) earned 250 total points
ID: 39267518
What POS are you referring to? Some POS systems have tools already developed to export financial data natively.

Lots of different ways to administer your systems. Bomgar and CommandCenter are appliance-based systems that even target the POS/KIOSK markets.

MO
0
 
LVL 32

Accepted Solution

by:aleghart
aleghart earned 250 total points
ID: 39268892
Not sure why you think a VPN is a bad idea.  It's far better than any transmission over the internet.  You can also use the VPN tunnel for remote access in a secure manner.  No ports open to internet.

If you have a lot of units and techs, then a cost-effective tool is ScreenConnect.  For $3,000 you get an unlimited server license for any number of endpoints and techs and open sessions.  Any of the other tools will cost that much for just 2 or 3 techs.

I ran a demo server.  Remote connections were faster and clearer than TeamViewer, which is already faster and clearer than GoTo__, LogMeIn, and WebEx.

You can white-label or private-brand the server GUI.  Using MS Windows & Internet Explorer from the tech's workstation is the best experience.  You can scale the user's screen quickly.  No scrolling.  Multiple monitors are fine too.

I used it to connect to a workstation with a vertical 1920x1080 monitor plus a 2MP horizontal monitor.  The clarity was impressive.  Could see x-ray images without a lot of artifacting or banding.
0
 

Author Comment

by:CProp
ID: 39269566
This is a good starting point for me
To answer the questions:
- The POS system is Pro-ShopKeeper from Club Prophet Systems.

Just a bit of clarification, I don't think the VPN is a bad idea per se. An encrypted tunnel is a good thing between 2 trusted sites.
I'm hesitant about doing this with a site where we don't control the end-point and the users that use those systems. They might install malware from malicious websites and the VPN tunnel would be a vector into our organization.

Looking forward to your response

CP
0

 
LVL 32

Expert Comment

by:aleghart
ID: 39269587
Tunnel can be limited at either end, and by service/port.  So, you could have access to their /24 network, and limit them to just your remote control server or patch server, etc.
0
 

Author Comment

by:CProp
ID: 39270090
Maybe you are right. I might just be overly paranoid on that front.
I was looking at a scenario about a malicious application that tunnels through that service/port?
I know my boss will ask about that and I'm not sure about the risk.
Things like a reverse proxy or application firewall for deep packet inspection?

CP
0
 
LVL 32

Expert Comment

by:aleghart
ID: 39270173
If you limit your endpoint to port 1001 at 10.0.0.1, then the only exposure is that host on only port 1001.  Attempts to reach any other host or any other port will be blocked by your VPN policy.

If any other party tries to make a VPN connection, they would need the correct tunnel config and pre-shared key...and would have to have an IP address that matches your policy.

If you ever need to disconnect a client, or decide to cease operations with a customer, either end can disable the tunnel, and there will be zero access.
0
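
The host-and-port restriction described in the two expert comments above, modelled as a default-deny policy check over flow records. This is an added example, not part of the original thread; the partner subnet 192.168.50.0/24, the choice of TCP and the flow-record format are assumptions.

```python
import ipaddress
from dataclasses import dataclass

@dataclass(frozen=True)
class Rule:
    src: str      # source network allowed to originate traffic
    dst: str      # destination host or network
    proto: str    # "tcp" or "udp"
    port: int     # destination port

# Tunnel policy from the comment: the remote side may reach only 10.0.0.1 on port 1001.
# 192.168.50.0/24 (partner POS LAN) and TCP are assumptions for this example.
POLICY = [Rule("192.168.50.0/24", "10.0.0.1/32", "tcp", 1001)]

def allowed(src, dst, proto, port, policy=POLICY):
    """Default deny: a flow passes only if one rule matches all four fields."""
    s, d = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    return any(
        s in ipaddress.ip_network(r.src)
        and d in ipaddress.ip_network(r.dst)
        and proto == r.proto
        and port == r.port
        for r in policy
    )

def audit(flow_log, policy=POLICY):
    """Return the flows the policy would drop, for review or alerting."""
    violations = []
    for line in flow_log.strip().splitlines():
        src, dst, proto, port = line.split()
        if not allowed(src, dst, proto, int(port), policy):
            violations.append((src, dst, proto, int(port)))
    return violations

# Constructed flow records, one per line: "src dst proto dport"
SAMPLE_FLOWS = """
192.168.50.21 10.0.0.1 tcp 1001
192.168.50.21 10.0.0.1 tcp 3389
192.168.50.21 10.0.0.7 tcp 1001
192.168.50.21 10.0.0.1 udp 1001
172.16.9.4 10.0.0.1 tcp 1001
"""

if __name__ == "__main__":
    for v in audit(SAMPLE_FLOWS):
        print("DENY", *v)
```

The check matches only addresses, protocol and port; it does not look at what is sent on port 1001, which is the part the reverse proxy / application firewall question in the thread is about.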
 

Author Closing Comment

by:CProp
ID: 39272310
Thanks guys, I really appreciated the quick response on this topic.

Chris
0
